[pLog-svn] php security scanner
Ammar Ibrahim
ammar.ibrahim at gmail.com
Wed Jul 5 00:53:40 GMT 2006
To be honest, if you use an eval() then you are doing something wrong.
eval() should always be avoided.
Ammar
On 7/4/06, Jon Daley <plogworld at jon.limedaley.com> wrote:
>
> Is this eval necessary? Couldn't it just be written something like:
> $this->_$key = $parts["$key"];
> Is there any advantage using the eval?
> (I try to avoid evals and execs for general paranoia)
>
> url.class.php:
>     function _calculateFields() {
>         $parts = parse_url( $this->_url );
>         $keys = Array( "scheme", "host", "port", "user", "pass",
>                        "path", "query", "fragment" );
>
>         // this saves us time ;)
>         foreach( $keys as $key ) {
>             if (isset($parts[$key])) {
>                 $line = "\$this->_$key = \$parts[\"$key\"];";
>                 eval($line);
>             }
>         }
>     }
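
An eval-free version of the loop quoted above, as an added example that is not code from this thread or from the LifeType source. The class name UrlParts, the get() accessor and the sample URL are assumptions made for illustration; it relies on PHP's variable-property syntax, with property names derived only from the fixed key list.

```php
<?php
// Added example: hypothetical class, not LifeType's url.class.php.
class UrlParts
{
    // Fixed allow-list of components; property names come only from here.
    private const KEYS = ["scheme", "host", "port", "user", "pass",
                          "path", "query", "fragment"];

    private $_url;
    private $_scheme, $_host, $_port, $_user, $_pass, $_path, $_query, $_fragment;

    public function __construct(string $url)
    {
        $this->_url = $url;
        $this->_calculateFields();
    }

    private function _calculateFields(): void
    {
        $parts = parse_url($this->_url);
        if ($parts === false) {
            return; // seriously malformed URL: leave every field null
        }
        foreach (self::KEYS as $key) {
            if (isset($parts[$key])) {
                // Variable property name: same effect as the eval'd line,
                // but no PHP source is ever built from a string.
                $this->{"_" . $key} = $parts[$key];
            }
        }
    }

    public function get(string $key)
    {
        // Reject names outside the allow-list instead of touching arbitrary properties.
        if (!in_array($key, self::KEYS, true)) {
            throw new InvalidArgumentException("unknown URL component: $key");
        }
        return $this->{"_" . $key};
    }
}

// Constructed sample input.
$u = new UrlParts("https://user:secret@example.org:8443/blog/index.php?op=view#top");
foreach (["scheme", "host", "port", "path", "query", "fragment"] as $k) {
    printf("%-8s %s\n", $k, var_export($u->get($k), true));
}
```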